Input validation

2024-01-2310:15:00

PRIOn knowledge base

www.prio-n.com

input validation

vulnerability

a-blog cms

remote attacker

arbitrary javascript

svg file

nvd

7.5 High

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

37.9%

JSON

Improper input validation vulnerability in a-blog cms Ver.3.1.x series versions prior to Ver.3.1.7, Ver.3.0.x series versions prior to Ver.3.0.29, Ver.2.11.x series versions prior to Ver.2.11.58, Ver.2.10.x series versions prior to Ver.2.10.50, and Ver.2.9.0 and earlier allows a remote authenticated attacker to execute arbitrary JavaScript code by uploading a specially crafted SVG file.

CPENameOperatorVersion
a-blog_cmsle2.9.0
a-blog_cmsge2.10.0
a-blog_cmslt2.10.50
a-blog_cmsge2.11.0
a-blog_cmslt2.11.58
a-blog_cmsge3.1.0
a-blog_cmslt3.1.7
a-blog_cmsge3.0.0
a-blog_cmslt3.0.29

Name	Operator	Version
a-blog_cms	le	2.9.0
a-blog_cms	ge	2.10.0
a-blog_cms	lt	2.10.50
a-blog_cms	ge	2.11.0
a-blog_cms	lt	2.11.58
a-blog_cms	ge	3.1.0
a-blog_cms	lt	3.1.7
a-blog_cms	ge	3.0.0
a-blog_cms	lt	3.0.29